oscal-compass / compliance-trestle

An opinionated tooling platform for managing compliance as code, using continuous integration and NIST's OSCAL standard.
https://oscal-compass.github.io/compliance-trestle
Apache License 2.0

Component definitions without rules have unexpected markdown editing behavior #1667

Closed jpower432 closed 2 months ago

jpower432 commented 3 months ago

Describe the bug

Trestle does not support OSCAL-compliant Component Definitions and requires Rule properties for correct processing. When using OSCAL Component Definitions without rule properties, the markdown files are generated without the source implementation information. If the markdown is subsequently edited, the information is not added to the JSON.

Additional discussion and reproduction information is located on #1631

To Reproduce

Steps to reproduce the behavior:

    trestle init
    trestle import -f https://raw.githubusercontent.com/CivicActions/oscal-component-definitions/main/aws/oscal/aws.json -o aws
    trestle author component-generate -o md_comp/aws --name aws
    trestle author component-assemble --markdown md_comp/aws/ -o aws

Expected behavior

At minimum, an error should be thrown for unsupported OSCAL Component Definitions or control implementations.

From the discussion: when `trestle author component-generate` is run for a component definition with no rule information, the resulting markdown files should contain the original information and allow editing of the OSCAL schema compliant implementation details (e.g. implementation description).

Screenshots / Logs.

Additional information - Adding rules manually to the JSON fixed the behavior

            "implemented-requirements": [
              {
                "uuid": "c9cbefe4-5c62-4a14-bbb6-91cb5658dfc8",
                "control-id": "ac-2",
                "description": "The system partially inherits this control from the FedRAMP Provisional ATO granted to the AWS Cloud dated 1 May 2013 for the following: AWS account management and other things.",
                "props": [
                  {
                    "name": "Rule_Id",
                    "ns": "http://ibm.github.io/compliance-trestle/schemas/oscal/cd",
                    "value": "Test-rule_001"
                  },
                  {
                    "name": "implementation-status",
                    "value": "implemented"
                  }
                ]
              }

Environment
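
A pre-flight check for the behavior reported above, as an added example that is not part of the original issue or of trestle's own code: it lists implemented requirements that carry no `Rule_Id` property, so an unsupported component definition can be caught before `component-generate` is run. Treating the `Rule_Id` name and namespace from the excerpt as the test for "has a rule" is an assumption drawn from the reported workaround, and the sample document is constructed.

```python
import json
import sys

# Property name and namespace copied from the JSON excerpt in the issue.
RULE_PROP = "Rule_Id"
TRESTLE_NS = "http://ibm.github.io/compliance-trestle/schemas/oscal/cd"
RULE = {"name": RULE_PROP, "ns": TRESTLE_NS, "value": "Test-rule_001"}
STATUS = {"name": "implementation-status", "value": "implemented"}

# Constructed sample: ac-2 carries a rule property, ac-3 and ac-4 do not.
SAMPLE = {"component-definition": {"components": [{
    "title": "sample-component",
    "control-implementations": [{"implemented-requirements": [
        {"control-id": "ac-2", "props": [RULE, STATUS]},
        {"control-id": "ac-3", "props": [STATUS]},
        {"control-id": "ac-4"},
    ]}],
}]}}


def has_rule(props):
    """True if any prop is a Rule_Id in the namespace shown in the issue."""
    return any(p.get("name") == RULE_PROP and p.get("ns") == TRESTLE_NS
               for p in props or [])


def requirements_without_rules(doc):
    """List (component title, control-id) pairs that carry no Rule_Id prop."""
    comp_def = doc.get("component-definition", {})
    return [(comp.get("title", "<untitled>"), req.get("control-id", "<no id>"))
            for comp in comp_def.get("components", [])
            for ci in comp.get("control-implementations", [])
            for req in ci.get("implemented-requirements", [])
            if not has_rule(req.get("props"))]


if __name__ == "__main__":
    # With a path argument, check that file; otherwise check the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            doc = json.load(fh)
    else:
        doc = SAMPLE
    missing = requirements_without_rules(doc)
    for title, control in missing:
        print(f"{title}: {control} has no {RULE_PROP} property")
    sys.exit(1 if missing else 0)
```

Run against an imported component definition's JSON file, a non-zero exit status means at least one implemented requirement would hit the editing behavior described in this issue.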

jpower432 commented 2 months ago